English English

psad: installation and configuration

This is a tutorial how to install psad (intrusion detection system) on Ubuntu.

This program detects attempts of port scanning of your server.



Firstly, psad can be install from the repository

sudo apt-get install psad


To detect all ingoing traffic to your server, you must set your iptables to log ingoing and forwarded packages.

sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG

Psad must now be configured. This can be done through the main settings file of Psad.

sudo vim /etc/psad/psad.conf

In that before managed file psad.conf these following settings must be changed according to this.

EMAIL_ADDRESSES here_comes_your_email@here_comes_your_email.org
HOSTNAME your_hostname_or_your_domain

IPT_SYSLOG_FILE        /var/log/syslog;

Psad needs to be restarted to activate all changes that are done in this config file. This must be done after every change of the config file.

service psad restart


Finally, do not forget to update your psad signature by this command

psad --sig-update

The above mentioned command can be run also as a cronjob.


These following command can be used to check the status of psad.

service psad status
psad -S

Beware that psad only can not protect your network against any major attacks. You have to consider also other security measurements.



We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.